Cyber Security
in ComAp Products

Cyber Security

The world is becoming increasingly more connected, with more communications possibilities. This is especially true with the energy control industry, enabling flexibility and remote access. Remote monitoring and control allows users to save time and money, but also provides reliable data for making crucial business decisions.

However, this connectedness also increases need for cybersecurity to prevent harmful attacks. Security has always been a focus at ComAp, so our customers can be assured that ComAp has, and always will, take the security of our customers data and equipment seriously.
 
Security by design
When designing control products and software, we start with the question “How we can assure the best cyber security criteria within this product?” at the beginning of product development. As part of this process, we have developed five essential criteria for security.

 
Secured firmware
All new ComAp firmware is secured by encryption. This prevents any firmware from being uploaded into non-genuine or modified ComAp products. It also means that the controller will not accept any non-encrypted firmware when someone tries to upload it.

 
Ciphering of communication
Communication through public networks (Ethernet, Internet, AirGate) is bidirectionally secured by a ComAp-developed ciphering technology CCS. ComAp’s proprietary ciphering technology is based on proven cryptographic algorithms, and it has been audited by an external security audit company, and it passed penetration tests successfully.
Protection against brute-force attack
ComAp’s controllers feature brute force attack detection during the user authentication process. If an attack is detected, the control unit is gradually blocked by prolonging the time between individual attempts to sign in – similar to a mobile phone preventing a user to access the phone if the PIN is entered incorrectly too many times.
Reliable user authentication
ComAp controllers, use authentication of unique user accounts similar to the way cyber security systems in the information technology work. All user access is logged, and any activity under a particular login is recorded. This secures tracking of all user activities in the control device but also enables highly flexible access rights management for controller administrators.
System security against data leakage
If an administrator loses access to the controller, a robust mechanism to retrieve the administrator access is used. This mechanism is based on a digital signature unique to the controller and requires double-factor authentication. Access can only be granted by ComAp. This prevents forgery and misuse by a non-authorized person.

Cyber Security Alerts & Advisories

ID Version Document title CVSS Score Download
CA-VD-001 V1 Webserver interfaces vulnerability 5.4 Link

Our website uses cookies and similar technologies to provide you the best experience and to understand how you use our site.

You may either „Accept all“ by which you agree with using functional, analytical and marketing cookies. By pressing „Revoke“ only necessary cookies shall be allowed to enable the website and applications function correctly. To revoke your consent you can do it from footer menu in Change cookie preferences section.

Here or under the section Privacy you may find more detailed information on your privacy.